On 09/07/2016 09:04 AM, Dominick Grift wrote: > On 09/07/2016 03:00 PM, Stephen Smalley wrote: >> On 09/07/2016 08:47 AM, Dominick Grift wrote: >>> On 09/07/2016 02:36 PM, Stephen Smalley wrote: >>>> On 09/07/2016 12:42 AM, Gary Tierney wrote: >>>>> On Tue, Sep 06, 2016 at 03:13:17PM -0400, Stephen Smalley >>>>> wrote: >>>>>> On 09/06/2016 09:48 AM, Gary Tierney wrote: >>>>>>> static int seuser_sort_func(const void *arg1, const >>>>>>> void *arg2) @@ -1074,9 +1130,6 @@ static >>>>>>> genhomedircon_user_entry_t >>>>>>> *get_users(genhomedircon_settings_t * s, if >>>>>>> (strcmp(name, DEFAULT_LOGIN) == 0) continue; >>>>>>> >>>>>>> - if (strcmp(name, TEMPLATE_SEUSER) == 0) - >>>>>>> continue; - >>>>>> >>>>>> This yields a warning/error on Fedora: $ sudo semodule -B >>>>>> libsemanage.add_user: user system_u not in password >>>>>> file >>>>>> >>>>> >>>>> I can re-add this conditional to prevent outputting the >>>>> warning, though is there a reason for a login named >>>>> "system_u" ? >>>> >>>> crond used to require one in order to look up the context >>>> for system cron jobs; I'm not sure if that is still required, >>>> but it is still present in Fedora. >>> >>> https://git.fedorahosted.org/cgit/cronie.git/commit/?id=e5280235809844f54d5956ec281472b63dcfc3f4 >> >> >>> Ok, >>> >> so maybe someone should file a bug on policy to remove system_u >> from seusers? After first testing that it doesn't break >> anything. >> >> >> > > https://github.com/DefenSec/dssp/commit/08b73d7c79945bec0307aec76c04fccda9e336a6 Ok, > but I meant a bug against fedora policy to remove it. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
